From c8b417ccdbbfb45310e84d59e7c3fc4c5e1bd59a Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 27 Oct 2023 11:59:39 +0200 Subject: [PATCH] finish direct key signature section --- book/source/17-zoom_certificates.md | 39 +++++++++++++++++------------ 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/book/source/17-zoom_certificates.md b/book/source/17-zoom_certificates.md index 44a52ac..9ba1c4a 100644 --- a/book/source/17-zoom_certificates.md +++ b/book/source/17-zoom_certificates.md @@ -285,13 +285,13 @@ The subpacket details are as follows: - Type: `9` - Critical: `Yes` - Value: `0x05a48fbd` - - Notes: Defined as number of seconds after the key creation time. + - Notes: Defined as number of seconds after the key creation time - [**Preferred Symmetric Ciphers for v1 SEIPD**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-v1-seipd) - Type: `11` - Critical: `No` - Value: `0x09 0x07` - - Notes: Values correspond to *AES with 256-bit key* and *AES with 128-bit key*. + - Notes: Values correspond to *AES with 256-bit key* and *AES with 128-bit key* - [**Preferred Hash Algorithms**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-hashes-subpacket) - Type: `21` @@ -309,34 +309,41 @@ The subpacket details are as follows: - Type: `30` - Critical: `No` - Value: `0x01` - - Notes: Value corresponds to: *Symmetrically Encrypted Integrity Protected Data packet version 1*. + - Notes: Value corresponds to *Symmetrically Encrypted Integrity Protected Data packet version 1* - [**Issuer Fingerprint**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#issuer-fingerprint-subpacket) - Type: `33` - Critical: `No` - Value: `aaa18cbb254685c58358320563fd37b67f3300f9fb0ec457378cd29f102698b3` - - Notes: This is the fingerprint of the component key that issued the signature in this packet. Note that here, the value is the primary key fingerprint of the certificate we're looking at. + - Notes: The fingerprint identifoes the component key that issued the signature in this packet. In this instance, the value is the primary key fingerprint of the certificate we're looking at. +The next part of this packet contains unhashed subpacket data: -The next part of this packet contains "unhashed subpacket data": +- `unhashed_area_len: 0x0000000a`: length of the following unhashed subpacket data (value: 10 bytes). -- `unhashed_area_len: 0x0000000a`: Length of the following unhashed subpacket data (value: 10 bytes). +As above, the following subpacket data consists of sets of subpacket length, subpacket type id, and data. In this case, only one subpacket follows: -As above, the following subpacket data consists of sets of "subpacket length, subpacket type id, data." In this case, only subpacket follows: - -- [Issuer Key ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#issuer-keyid-subpacket) (subpacket type 16): `aaa18cbb254685c5` (this is the shortened version 6 *Key ID* of the fingerprint of this certificate's primary key) +- [**Issuer Key ID**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#issuer-keyid-subpacket) + - Type: `16` + - Critical: `No` + - Value: `aaa18cbb254685c5` + - Notes: This is the shortened version 6 *Key ID* of the fingerprint of this certificate's primary key. This concludes the unhashed subpacket data. -- `digest_prefix: 0x6747`: "The left 16 bits of the signed hash value" -- `salt_len, salt`: A random [salt value](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-advantages-of-salted-signat) (the size must be [matching for the hash algorithm](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#hash-algorithms-registry)) -- `ed25519_sig`: [Algorithm-specific](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-fields-for-ed2) representation of the signature (in this case: 64 bytes of Ed25519 signature) +This next section shows additional components of the Direct Key Signature packet: -The signature is calculated over a hash. The hash, in this case, is calculated over the following data (for details, see [Computing Signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-computing-signatures) in the RFC): +- `digest_prefix: 0x6747`: the left 16 bits of the signed hash value -- The signature's salt -- A serialized form of the primary key's public data -- A serialized form of this direct key signature packet (up to, but excluding the unhashed area) +- `salt_len, salt`: a random [salt value](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-advantages-of-salted-signat) with size [matching the hash algorithm](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#hash-algorithms-registry)) + +- `ed25519_sig`: [algorithm-specific](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-fields-for-ed2) representation of the signature (here: 64 bytes of Ed25519 signature) + +The signature's hash is calculated over the following data (see [Computing Signatures](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-computing-signatures) in the RFC): + +- signature's salt +- serialized primary key's public data +- serialized direct key signature packet (excluding the unhashed area) (zoom_enc_subkey)=